Malware Analysis Report

2024-11-16 15:48

Sample ID 240215-fk7w7ahg86
Target dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad
SHA256 dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad
Tags google phishing
Score 10/10

Analysis Overview

Threat Level: Known bad

The file dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-15 04:56

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-15 04:56

Reported

2024-02-15 05:02

Platform

win7-20231215-en

Max time kernel

66s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2664 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2664 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2664 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2664 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2112 wrote to memory of 2284 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2820 wrote to memory of 3052 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2768 wrote to memory of 2744 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2704 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2664 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1476 wrote to memory of 640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2664 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2664 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2664 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 948 wrote to memory of 1212 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1200 wrote to memory of 1576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6349758,0x7fef6349768,0x7fef6349778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6349758,0x7fef6349768,0x7fef6349778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6349758,0x7fef6349768,0x7fef6349778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.0.1815777601\1849696917" -parentBuildID 20221007134813 -prefsHandle 1180 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {283c6b0b-a6e7-4eb0-aca4-a60ad9ab734d} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 1296 101d0558 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1300,i,4244501467420703152,10494570554649420133,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1360 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1328 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2012 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1320,i,3921777600676615742,14190155914817052168,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1300,i,4244501467420703152,10494570554649420133,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1320,i,3921777600676615742,14190155914817052168,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2600 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2736 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.1.756296805\329542848" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3952158-3566-4938-9107-f57bff98b69b} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 1524 ef45558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.2.848996102\1699691139" -childID 1 -isForBrowser -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4848f9a-9a3e-4f19-a245-eb5866ee4f67} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 2336 188ad558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3476 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3540 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.3.717744026\1737656694" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a327bc-122e-4092-ad1a-0bdef66912b3} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 2956 e6a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.4.861465050\1482798196" -childID 3 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2416c15-275c-4f7e-a3f6-b221c4056561} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 3332 1d293458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.5.731631576\2035696259" -childID 4 -isForBrowser -prefsHandle 3460 -prefMapHandle 3360 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bf15e5b-dc55-49f7-af08-ef4e09aba6c2} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 3448 1d9ab258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2360 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.6.1986700356\426626779" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3964 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75fe2e7b-534f-4e60-aff8-0b0ee2feace1} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4008 1e97e058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.8.1312002892\1958583178" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1ac6b6b-f2f5-48be-b2f4-0bc48bd55084} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4308 1e97f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.7.178549628\2025693558" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0f144ca-1cd2-4492-aefe-aaccda507643} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4120 1e97fe58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2016 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4028 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.9.869118068\1422705234" -parentBuildID 20221007134813 -prefsHandle 2256 -prefMapHandle 2044 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc73ccd5-4fc4-4d9b-b0f5-f3b370c0453f} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 2148 19e20258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.10.1699019951\2022404787" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba490d6d-fd88-4f37-aea6-a33fd29a89db} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4756 1e97d458 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.11.2075690702\1928771801" -childID 8 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 656 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f8c56f5-1147-4c81-870d-498280986a7e} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4900 1eec6c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1200,i,11416488854248159389,9254941532897744208,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA1 849f8f1495b5eb11abfbb4bb20666d398c8a9eaf
SHA256 fe42005804a3d2f091684068f711d1409a989a460c14a0a53a56178e322e6fa9
SHA512 7ed2e94c3f8b191cb84190647c674596bf9bbaf65de992a2993750b48ab68623bb3f67eabba052023c3612c5adc6213935ab045912dfb4f4fd172d3ddf9cf05b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\pending_pings\b36ba2a8-86d1-487a-b4a7-01573ac121f4

MD5 4aa7acbff1dc0b5a245a10e89c1dddef
SHA1 0c684c98752485e46a5df45f7fd6457c29962cac
SHA256 f03490aadba684d0b4f8a3adac52630d3d2540784be7829d5c413bfe48a871ce
SHA512 4b641cfd4c450960b1eec2ef807a67c44ad319dce09b9f76797b020112b9b3e1c0c3e22c321f228241761b46663bf2995be1116d090e049d72da226654ac9d22

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\db\data.safe.bin

MD5 f7f2044adbbe7660f7492600edf11255
SHA1 a35b81346707a37372774578e1c02ec25b75945d
SHA256 703b9023155bc168fa1b3d3265145a59cdbc636564f96c8a071875f6a74ceb14
SHA512 2430d64d75599ef8794be7ecdb55cbba20e3d4be255a5fdb522a03d55742185e5a2923d3ece8dc1bd34126523b33455f0ed1cbabe9723ebb10d756dc1ac7008d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\datareporting\glean\pending_pings\021d86ae-cda1-4f09-81df-ae9f029e44ca

MD5 a70d4d995083a13bc00f00036c1c7d17
SHA1 277b7faa6eb5816594fe704c7daf066b5cd20c06
SHA256 5e07cf22db90c109ca66ccf810fa989e411e7e75e0093505bb3fcca918980128
SHA512 8201ec2c8fde17420684a25b42a0658d06456036e8184fdb8c1b34319afab9b84cb033fc0dec5e9c26184430c951a3f72f9473decacfa749a3af38075e4067ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b7fdfc050a74dfecbf4834ed5fd8392c
SHA1 3d124888d65f80484cc3e5d9b43ca05d94dc0bc6
SHA256 261d7591c1c63892412afafedb0fda9d3180595e256a59e6e1a96058fbaff88a
SHA512 dc685518ae0c203f4f101bdc8477efed869345bed5ad22730babde1ef587680a046bf052342e6691a3412a10a4ec5c17ddfd98224d771f09e8378b36a70f6598

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6f4ecf8c88f5aee899956f016e70d515
SHA1 5c03e2eb0c7d4129d2fed8e7c7bbb5998d7ea1c6
SHA256 8502eaeb14f271af18dda413548d90af1acf0db23e4d301ca9d51de5b4137b99
SHA512 894a3f16c0e402d2aa176785047e6e761874aafa8c4351ef45ddf0dda6b4a1ceb92482602dadc7216647dcd9111a2821525c63caea7ec6bc905cc31a779a8fcd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 e97ab892d9a305d92232043acd3e90a4
SHA1 65e8f097f4718491727ad1bf3c07a1b1d9dfe537
SHA256 b6c6cb51b45f6aab086d23b611f9bf495ec9db12d1b397d25ad789e9ed974430
SHA512 7da93ed3a668c015f8a9501e2011d7a657192f41178189eda52137b94846a7987dbb6f959cf2f18dfa3d4bd8c6cb5cc53c067fdf192db0584a545d3cda6d711b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76faa4.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a1d8857d38fa327abbbcd96a1a0fb015
SHA1 b96394bc7d08a7cb1077528f38a44d5e2ddc46fb
SHA256 1bc6035ac8e14e0af7eed623890f359dc8fda0855cfa696eb452785a9ca965b7
SHA512 660a3e47655f12b1b9da0ba7e802e3cb0ae6943ef771ec8570593968f5650f410979e45de9b70a5b2a0bd5cf5d5e664e19616ea9df7f58300d35ba5aa35e97e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{bffb03eb-dd82-4ef0-ae35-cad2a44193d1}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\idb\666990705yCt7-%iCt7-%rae9s7p1o.sqlite

MD5 52ffd174fbdae323021104c64c5cec13
SHA1 86519748b68909b6f38012bb1582556e4c5f01cd
SHA256 895414571dff8eb82fecdbb3aacd48fd777fdda278771e99c4880498d34ed369
SHA512 c26a39b28312e2a287113eec0af5afd9ccfd18a393d7f3bce12a6d8e0ae0d2e7556877d1fc002ef979c768fc76d1d59f3eb020a36bdf9c1594741fa42f4b4f3b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 75cffe99670109836b82f48e39349a32
SHA1 731240b652f7887cd6c394b7a1d71d8f7cb718d4
SHA256 02cd75d10147e3f790d0edca8da06ec6afc77bc5ca1343acc08622dfd406e362
SHA512 bff68a9fb23e76d0019dfe192b5cf652b539b774a2ff07d6b7cb31876fbaf38b71496e35c904dfb9f0a74518b5d2b91105445807f5b08fd0552b03f47724647b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 1255f8679110687f058d554a567766e1
SHA1 4fe2fdba4fd4e2780d7575174b1fa65a1d4a9bc2
SHA256 cf58f1ac1b5b552e852ba0f6ac57167288a6dc514e4f41ab1b8fda3a203ae296
SHA512 7989cee54c19cbac31924ec82b8300b2eef5ed0825f57c318771e163baa5dcb603edf92593cdf55dd136d753b403bac03d31d6623c268aa790b0248e732023e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 4c486e0e86f1b28a4a5e63807b2febcd
SHA1 9ec2df33daaccc0118c36ec79b05fa5c165174cd
SHA256 2e06e71a4a0e2e7b36ac1f7575f855f429b708361789a4df55228ecab1aef194
SHA512 6778b5a2a914814aa4db3912bb3e42deaee11aff97fc5f31373970622751410a9e23df1392b5f865b28ad245241de126717759141aea8cdb575ceb3bfa07c844

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 f84032092966d32caf1c24d9fec30092
SHA1 eb8a9d62a8003cbc1214705aa9348a355f3e33e2
SHA256 516377263c1045fa39135515255fd330351e675e2023c35cb9ef5c76e5a23558
SHA512 99d25231394235b485d5cae8ed753222d65da11d0a102689a9ece74aa577d7b42e28722564dd4d7add8aa0e58e0e4eac29013cef21ad71e3c830cc1793bcb835

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b9633bf7389720616efb4d7b97ed01ff
SHA1 57c64a2c4db8647e2d323f535dd19730f2120491
SHA256 cc2a0e92ea91689cedfc6a262dff09fe5042964b1b5edde22fa261927c1e1af7
SHA512 c2e67f9bf2e3ec38b759ceb3d1dad3b3e52fc8fbb54bbbd1165cfc4c4e1a40426643bf8bf999d7d92012c59bdd9d6dbad39e4a39a76e0995294f54a549bd00b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a89f6c72236901f29dfa28c322c2ea98
SHA1 dd549e87d469f142b33086de6df2779037225292
SHA256 cc19ab587245fea346175ea21bdc3e91efd9ef0d1b02fb2e0493bbda2b8d0ff1
SHA512 8def5969ca4e2462f57508b310bd382a3988fad77b107e4b801fa60abb67e3b35be1f510e02a7602a16e96fee4d23759715dad6e0ccbcee6f49ef94e8ec2c740

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{e380bf30-afd9-46d5-9ca8-77d636699387}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\cache\morgue\194\{0ed45b48-a25f-476c-9e1b-f13c9f357fc2}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\storage\default\https+++www.youtube.com\cache\morgue\110\{e2d79a8d-31e8-4a8a-aacc-b7bd6cb61f6e}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 ba4f57005bac817f2f7cb8e0ceea51a8
SHA1 0fb73c5758f75ae6de38f1bde102a15398bf0811
SHA256 0f213e9093b10cc664541729087e18590f8a6c2fb97e40ab18ae3c8366ffe0e4
SHA512 1a1ab501bfc5d2d3e01ad122469c0fdffd9d01726089edac27da152785c41121d90db1c6a8bd7de58040b5c7ca2334acbfedd17d197d57e13449f3ab54632aab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 73d4d15594fb1bf8e5e49234b985b7eb
SHA1 e22ced2302ec6674774e04ab6095f2fe551bd8f7
SHA256 db4a80d9a883a2612ccbec8afef1b80fb262219654c642612e9780fd877cc45e
SHA512 153a757d153c2d6693a2b70dce2f9c875bcdaf7f9314ebe2a55d11fe7786c647d5a4213282836f37890e4316c3acc2944ee674e9ebb819b3e348872fe0da7ec8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d47a066a-8fae-4da8-bec3-62de11e428f2.tmp

MD5 d2199cc1ff2c5c36544a6a2429fb9fc2
SHA1 ba366d2c39355b94224621ee8dd80aecbb2ee69c
SHA256 feacda372b52d6a9f19afaec93f2a09af203052b389da06f4a36ef06baea5002
SHA512 05dce3fdbe21899809557dd91ddff49ea1061bd6ad37c992f652940238126465e5fb6fd550cfef93361a5b22caeb1b484528caaaf40243520d8d0e2281fb13eb

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\prefs-1.js

MD5 05e9a9888b97c57b83bfb10cd7c4bf51
SHA1 d1857779a691d199db36c2e03df77b5ebce32f6e
SHA256 707e24cc1e40a7767e6432295f56ab1a0fe08b8912d1d1bab3978b607861992f
SHA512 deb53a96808b258942fde74d2dde1a18f127fc80367fc2b700c2d8b8f116211136d2a1082fecb0d177fd40e1f9ba343f8bfdb18ae07e5870e667a365fe6d8349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d55485b06f5786300591e2cd2fc5c5f0
SHA1 e0aaac3dfbb5188dbd8121d5499e391b71a520a7
SHA256 9d0b9d43d4d8360926c1b7017ed5b7e8d57d5ff71650853b495e91a2877506b4
SHA512 2189bec4f38b2be01ae61c1076c17ae3abab213d401b754983220cd40129efe9f3630d6f24df2dbe7dbef39d415329292f741f3db7ee4d11c3d8229bce696f8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 82568943074953e1dfb262c27883a66f
SHA1 e20075b4126436c2bbbc2ef11ba2df3939db9923
SHA256 1e3cf69e7ff141e855a7eeefc50c7897e22011962c642cd7b7a1cdea04d70006
SHA512 eac7b19b4f59f9edc38f26b698813712aa7a57f35a9a81ea34a12ffbee4c4ec80bcd30065cf9ac53ab4c937d692956b50ddf16a803d11a29d065dd2ae8c72ecc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 177fef990b32514e5bc60f3b62316a49
SHA1 4f32c357b41a879d3257e10908728f2a01605924
SHA256 6e4165eb142c6007a0ae1fe25cc82555d18d4b86aa108ca5aa0589056d2a7377
SHA512 3e85b2303e036fda3f66a1c5cfb087cf8d8f07a23796e971905fbdd1a2031e5e20a7070cdd64263f74ac8dff2d72cc306f0d5de18189e78360b4e74e4e3e413d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1c86d1bc46741df5f655cd43c77a393
SHA1 92e8264e3e88ba60a7e4e0aebcda564d44212eae
SHA256 99901225913a6f70f5292c45cb7f480a62b9ce600c257161aee004720a65a2f8
SHA512 20a4192563158aaffa1bb38a671cd4b073a8e7c3abb421cb1bacd504587522df13c0b267b5d040ec5f02e089aab3f85216253e449f6678492b2e0b6de62a6c20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e959627423aa29138c8b998323087256
SHA1 7299d6d9aaaa1cb3ec40e1bf7b47058c10b4580b
SHA256 5b855d779b22a4fa6974fdad5dc4ac04bf0dbce2be50a26ed123aa052c38c1af
SHA512 47c7f55fee86b49d22f9d8d1ee05f2047f50eb54ffd4cf7f6effdff259fb3149109a9efecbb68ae3bba77d93d27526f7b80adc05a17383e085e57e6d6361b0de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 723139295df84195d2ba943b9b918bb9
SHA1 00bd24e537272d0820a19103b928a9fe484e29f0
SHA256 96feffb534a570b38daa828cb564b49d6fca83b8fae144cf164ec500ef7347db
SHA512 6582ee4455863087d1c6bf7bc5713f6d64b3b51d5d6144a4fe527c2441b612a7e3c19957ceeca9b17dfd32d94f7e5f0c21ce32781cf162470bc0da597825ce9e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 2e8cd932b778a2abdf201cb152d8c41f
SHA1 133c65f240c2c8dbd4bdc0d096be0479c7d6af5b
SHA256 c2cd972fc864786c54801aa351eacdc97bca6976ceaa6c35ef802a8ea295e0de
SHA512 f4be29981f6b5f8a096bfc7cf72ddf5ae4f987b5b4d4fe32532fb0a4d3a8d51413a89a9924e6d61df14ab3d3b663aadf52ac4530d4feb2fc1e627855bef4b2bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dea8b0dc6f42f6e5e4fb97f19d7a7d8c
SHA1 070407131a290384b0a602236a30012e9d3eeb43
SHA256 6ad8872b415b4995d4889e71e2ef4a1e1c10c6bed435f275e56f087013e97cf3
SHA512 2616bb74915f6f6be3d53a594ca72d01c11247d59d82fb1e9e06a92094cf7c8889a2d166857567bf4c3fc63d66b0ccf1d0fd2306afba4e5c3e6ba677400c4f72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 97ee9c6d8652106abef5caa019273911
SHA1 ca8283f5896c8ffdec04c49c09d4add47955ab3a
SHA256 9d84ce42ed6bcdfcca09406b0e39c1200c521d73a1dfb6844574ffa928a17a77
SHA512 19e0dc69f062552c744107a1a2fb6cc25f512cb3223dd7d60ce9916cf703e81903c10eb142a74aaa15a7aed3b5a5a88cb0dc7ad742ea45b3ca4065f5eb1c042e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 57c8589f3fd0e8ace22df23c526c9137
SHA1 11d18dabb069b118e7c8ba076bf0c61f4fc25103
SHA256 20ce3a676ff73075c686743da12758bf57d6fdede2c24f4c42ed2451da0da83e
SHA512 82529345af0d841b7cab19b48c6880c64cc95c522bba73851c4186295ae4af5a7e9623f523a4da0427a15850957ca360b7cf2622a213af658ec69bdfa485c4fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c61110cb3b6b5a719ce91a5be4689c3
SHA1 3f495769c5753da0347f2e39fcc34d1854fbcdfd
SHA256 508c325f0c063272346a9b74cb696e5bc9cd70bcf985d0c52c97059ffdff76da
SHA512 b40d4a1294d045291a986225517238997b8e24a04c84da3439a7e64bcc73f9a33d86acef4bd896a2f6bc365503f1a44f2a6be324e951431fe6a630ae5c580d4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f993be5eae6e9d19ee24f2e1dda90aba
SHA1 5fe704d516445273a6ff983328d81c9f386846e1
SHA256 9a1aae606834bb7dc2ac2c196965525dcb6c33f40a310bc2177e7643d54e4e50
SHA512 8ff2321dee81f7eaac19d8b22eaee9ae590d83401e41aea9706e4960764e7393d7ff81655f94394d23fc261b778ee95fb509846029c4dcdcb2bc9f43b9bdac33

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z2ud2i1e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bfb1c9a903f384ca7d26e97f6f2eeea0
SHA1 cd4b5ba40296a2f79000531b901dbf4691eb800a
SHA256 00c6fd24f9f016b232b3eec79d0a3185606d7a4c38f285bb49185260e3fcb781
SHA512 638d058148f2a9fecff307e358e74d3519ef29d64643914be89e63f44b1468716bbbc7b5cee3eec7240e60bf40a642bc7bdd6612b577d1c3cfe7a9c8bcb4480b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e0bff3115aa6e396e6ab9b31a3915d46
SHA1 0989ae2b802a0d4217b0ba2b2b0225b81e9b85e9
SHA256 296f7f1adf8b384dfe7a65e18d6e315ab821765ab7bea0a1f9e4123802a5f871
SHA512 b35a41825d564b7163494b541eb8bf330e3e92fe0d3b4defc77e12367eb43f10315ccd9bf2512bb39d620571ae3ed76605d222c00e116b2c7602396951234faf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 14e9fc726d196ab8c8a562148a27fdca
SHA1 422248dbabd9262a0b02d6f5d149e0a14023640d
SHA256 8c8f5584b03bbfdbedb4516673593653ea8a14e55929eebed70ff7409f09e245
SHA512 f0547f5f961b1c2af906d4ec190b1ffc062112e04bc240b135d40b272751f261b9d9d1216222f62d318942805bf7738900feefe2625ea8841f0475f61a915ba8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eeb344038abd8b7ac3f3a0975634c05e
SHA1 a8d9762296b83554ea7c633d542046efddb0b07a
SHA256 b8d0af5772963aa99dfea0999823be572d74adc147147a77cfb8cbe5c93aa5a1
SHA512 a6f09ea9a3e975085e28dd52e4ec6b0250242cd024d7784fbc635b5d0cfbdb682d522534bc4bc3fb2710f2dad624e7f276b0c8e6380b1b91faef70839062403a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b233b0cbc0f6ae19299d8804f759479a
SHA1 da42a51502b096c2c045d94d4aa51191c6ff46e7
SHA256 62883fa64c370987ed455cc3497a0bbb75f5a965c11053cd0ab39458d0c0c13e
SHA512 672fed7ade8d118c1ca5a78f428b326808b3d2505d0672db372272cfb260c3dd546a06519205a21bc4dd539b3f0b0873688fe379c84ff38685a97b471e1f0a37

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d92ca598c9e26cb39ccfe482c2eb1d68
SHA1 37da6908b28b7f69a41ea32064129fec0ebbed6f
SHA256 58263b762ad82ba29211d8188b2b0188d3ac517d947f0a86e392d444bcae10e6
SHA512 a3eb2ea16233417b90df641d0d7c14f1f8d29e6e87b5a15aff5b3695779213031f77a1dcc50bc32af1740c5292f33a641e688b30762baa5fdc0ed32ab1eb9d14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9b72e108db85c65e8bde6f9b4d92aa53
SHA1 0bcc40436a1b38a4062dfdda424ef6b4398140e7
SHA256 9234cddc74500be2f96fcf2b94f451b1aa381c3f9b81d5484e145b9a8fbb727d
SHA512 e6652954afd916844421291e822f4ff93497f8327c7d45f4c6d32ac1aa1128d43cbf573056d698ef36a3597e9a1da12b44fc73a152f26a604a5d08d1352c1ce0

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-15 04:56

Reported

2024-02-15 05:02

Platform

win10-20240214-en

Max time kernel

300s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomain = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414752136" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6f3b876acb5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{3AEA9459-3541-4840-A9CB-3B730B5355C1} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = a02d7ed8b175da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2d0efc6acb5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = db1bc674cb5fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4240 wrote to memory of 3416 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4240 wrote to memory of 5068 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4240 wrote to memory of 4292 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4240 wrote to memory of 5768 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5056 wrote to memory of 5956 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5056 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5956 wrote to memory of 6048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6012 wrote to memory of 6060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5056 wrote to memory of 6052 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6052 wrote to memory of 6096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5056 wrote to memory of 6120 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 6120 wrote to memory of 2432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5056 wrote to memory of 196 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5056 wrote to memory of 5140 N/A C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5140 wrote to memory of 5200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe

"C:\Users\Admin\AppData\Local\Temp\dbef0ade5ba4383cc033ac0e181248646816e931b87c31f8c0212c0f663750ad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8fa929758,0x7ff8fa929768,0x7ff8fa929778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8fa929758,0x7ff8fa929768,0x7ff8fa929778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8fa929758,0x7ff8fa929768,0x7ff8fa929778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.0.318904324\1103305435" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1604 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02e6cc06-c094-4763-b5bd-3cabeeed7898} 196 "\\.\pipe\gecko-crash-server-pipe.196" 1816 2187c9d9e58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.1.650379373\525342043" -parentBuildID 20221007134813 -prefsHandle 2212 -prefMapHandle 2208 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {261f9a51-eca7-4c5c-9ada-4870c73658ec} 196 "\\.\pipe\gecko-crash-server-pipe.196" 2232 2187c4e6558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.2.1861646726\1921868612" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6495451-6f1b-4b73-ade3-2263eaf5c271} 196 "\\.\pipe\gecko-crash-server-pipe.196" 2956 218025e9e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.3.2084620320\897721511" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd91d43-586a-4180-b6b0-2d10af2f37f0} 196 "\\.\pipe\gecko-crash-server-pipe.196" 3532 218037afe58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1976 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,428934996901070635,12833494005605772534,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3712 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3672 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1856,i,1043312113165956401,6387167847329016691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1856,i,1043312113165956401,6387167847329016691,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1852,i,428934996901070635,12833494005605772534,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4696 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.4.490560001\1834061258" -childID 3 -isForBrowser -prefsHandle 4760 -prefMapHandle 4748 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad996a6b-4ae0-4303-9f74-89bedf2a8bd6} 196 "\\.\pipe\gecko-crash-server-pipe.196" 4776 21804405f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.5.1967613304\480502568" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4796 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9c99c54-45dd-4092-9c67-e6e95000d5c8} 196 "\\.\pipe\gecko-crash-server-pipe.196" 4908 21804c1fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.6.915015076\902892026" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5464697-1392-43f4-af70-e3eeafb656f1} 196 "\\.\pipe\gecko-crash-server-pipe.196" 5028 21804cb6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.8.700937402\201928232" -childID 7 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cb653ad-97b1-4ad7-9f60-0abe495b3bfd} 196 "\\.\pipe\gecko-crash-server-pipe.196" 5288 218054f8e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.7.2093720140\150056471" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5364 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf5da27-33e1-48db-8429-dd2129358022} 196 "\\.\pipe\gecko-crash-server-pipe.196" 5348 21804c89858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.9.1570941237\1140601200" -parentBuildID 20221007134813 -prefsHandle 5696 -prefMapHandle 5344 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c5b654-d332-474c-b0c4-b3839717b90a} 196 "\\.\pipe\gecko-crash-server-pipe.196" 5748 21806296a58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.10.510894276\632169215" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb2d0dfb-1b46-4f7e-aca8-0d4dd8fe0f83} 196 "\\.\pipe\gecko-crash-server-pipe.196" 5732 21806297958 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3048 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3736 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.11.2136605766\1629636169" -childID 8 -isForBrowser -prefsHandle 1348 -prefMapHandle 2648 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a8e0272-01cd-4c92-a782-a5a3e853a3ba} 196 "\\.\pipe\gecko-crash-server-pipe.196" 2652 218050d6e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1860,i,1336578209204084179,2869391936472342249,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

memory/4620-0-0x000002487EE20000-0x000002487EE30000-memory.dmp

memory/4620-16-0x000002487F300000-0x000002487F310000-memory.dmp

memory/4620-35-0x000002487E030000-0x000002487E032000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e8a68a58cba5884c075eb3e08d324224
SHA1 cfbe5aac25e7792887ce8d4ec3ee111aceda971e
SHA256 f0c930fbf79b4c192ac77d0006ead0fe7aba308bcbb303716c666f59927b61d1
SHA512 99319b999e096c5738deb4d21e198fbe3a5737264bb39ed746fbaf1a57927ffbce1f9940f9cb8bcd7d6b48ea9da4c54d0d2000eebd5612871ba256069e87c483

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 486aebeeb76a792eeaf8ab052521a435
SHA1 ac8b734bc9a5afb32cbfec95387bfa655913a323
SHA256 70074beff23c35473462d486e1162bce89af86dae5123b6aab7bfbb6d9bf8e61
SHA512 5da5c0f18cd8b3e6233adcce9d97b25f5842ba8ed503c3b28b98d6c417ffd6f59f3375309ae2ac2fff2670c9cb547b5e465f0063ccd66ebbe61e17347ceee2cd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c9176e8a541776eace2032f965ee0720
SHA1 ad6c074776c9cb0e6369032710906520bb4c1ae0
SHA256 1edc075d789f6c11c73bd185ad9486158df6f9d2fb1a7ced2e5d24d5ed1c12ec
SHA512 028784f6873e7056f71073d47cba1191590c6ce5361a53a054efc50bc6e9db01f323c8f253a8d835c2f9d5dda8bbe2cb973bc44cbe1df3005c970d495ae425d0

memory/1248-87-0x000001C667A60000-0x000001C667A80000-memory.dmp

memory/1248-112-0x000001C667500000-0x000001C667520000-memory.dmp

memory/3416-162-0x000002106AEB0000-0x000002106AEB2000-memory.dmp

memory/3416-164-0x000002106AED0000-0x000002106AED2000-memory.dmp

memory/3416-168-0x000002106B860000-0x000002106B880000-memory.dmp

memory/3416-166-0x000002106AEF0000-0x000002106AEF2000-memory.dmp

memory/3416-175-0x000002106B210000-0x000002106B212000-memory.dmp

memory/3416-181-0x000002106C0D0000-0x000002106C0D2000-memory.dmp

memory/3416-184-0x000002106C210000-0x000002106C212000-memory.dmp

memory/3416-188-0x000002106C230000-0x000002106C232000-memory.dmp

memory/3416-190-0x000002106C0F0000-0x000002106C0F2000-memory.dmp

memory/3416-195-0x000002106C260000-0x000002106C262000-memory.dmp

memory/5068-221-0x000002237D0C0000-0x000002237D0E0000-memory.dmp

memory/3416-284-0x0000021070B60000-0x0000021070B80000-memory.dmp

memory/3416-290-0x00000210712A0000-0x00000210712C0000-memory.dmp

memory/3416-292-0x00000210712C0000-0x00000210712E0000-memory.dmp

memory/5068-317-0x000002247E300000-0x000002247E302000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2UZKQIC2\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/4292-356-0x0000023A992A0000-0x0000023A992C0000-memory.dmp

memory/4620-385-0x00000248060A0000-0x00000248060A1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 2687779929a740a1c2eea4fe9c5f92a7
SHA1 87d99bacaa9d88ce83a7e8ad5d63fa837f014b0a
SHA256 c0d4e851c70eb7cec9a59ab4bac04795c1c93ee594b764c6e81da69e6f31636d
SHA512 9f1eda9801a95899a18b25b44f160948710d91a2cb10a6f7e5bae0d8d12848db069ec148325d011d3354424ba60e3955f044d55e861f955bf5a6b534b4b0e23e

memory/5068-394-0x000002247E490000-0x000002247E492000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 c2425862fdd87445e5472f3c7ecb3a9f
SHA1 ae3c40a1a6d0a49be1aa97a2c4b2cb09cf0af3b3
SHA256 d3969e881da1de3f968a7c9809764c466bed251fcd62400b59abdefc4886723e
SHA512 f09f484776b06054340c80d7294c8dc752448644101191adb8b9441702ccf604366fcfce48b50c3ad9897030005beffd91c03edaa6c1d47aa431874e0059e474

memory/4620-393-0x00000248060B0000-0x00000248060B1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\D5ZX2Y0W\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/5068-406-0x000002247E4A0000-0x000002247E4A2000-memory.dmp

memory/5068-378-0x000002247E470000-0x000002247E472000-memory.dmp

memory/4292-425-0x0000023A99520000-0x0000023A99540000-memory.dmp

memory/3416-449-0x00000210725E0000-0x00000210726E0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 cc0a33751c501a3dd5b87b8bc88a26a4
SHA1 555c512baf0ea6ba5ef723ec56c9f5f808558050
SHA256 7cd6ad38c993ab2c12ca9e011db77c73c96136a87e9e6199a3c925e6db83e58c
SHA512 0dbed4eebb2d0ab99cbdb36c96d694b52888bebcf35f07016fc85d66c5141d96c1eb4109708c5f2075bdacdf922cf2e3dcd75eb0fe51970468e106fdee5d5e11

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 0796eed0b2e1c1dfc54cc18dfb8e91cc
SHA1 dfdc0646f65afbaa29a63b23532d21901b89b2d3
SHA256 f0cdbd1bfcb55a08e3398aaa7b405f743c9b70f107a82f527de2cb1e889c7e4c
SHA512 f592c0d686926e8008585a4fd75c9a0d0651c7f680e808edab730457c9cebd6d050b362663d5b34875407a1f20bc107f3136ebccbfcaebb1df9e70fe17d4564a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\vza45sw\imagestore.dat

MD5 e9a3e5feee4bfbe9074a6dc8cc7e8485
SHA1 d97ff2b3e4ca8d81c3692bbfaad15ebae143f9aa
SHA256 edb30defcbf0a4661a1641049071432cf05350f782748d6bdcfb12a3f10e51c7
SHA512 d86cbdc30d235b027a6b0eb6b5d69b8c2d3685374abff89449a924b360da8ec10a59eaaa37d8c7269a2358a87d73e85d8c9fba1af294aec1a82b88fb7b2f0031

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FTGA0MFH\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 55318a43167533a5cdcf4fd70f4c6084
SHA1 a80db758ff0eb8d1a88d77eab7b593d7bf6454e0
SHA256 ce40b77513061d591f2a0f58fdddb6986494b82707eb68a806e6ccdc24d38966
SHA512 41336ea2789bdf89ff359dd34ebb8f9cf9a92d3d28fa2d158d89e19d104605bb929715fc93ccbffe7e801d15edddf00e573ec34c67db3c60444d9d6371a02176

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d33411d7a5b5b61600362baa3f76bb5f
SHA1 140307be64e1af860ae26f664b0d4b4d81e4aaa6
SHA256 0f589dea7f4bc8e7cc4aecbe2bf639a2ac2dada42eca96e7b39e46db17c82a25
SHA512 2f37bd7e041035844b025b57b50496ff21b774c1c4b239e61bc94c04bd79f4688d679ba3c364cb52cce13fd0ebf94d66501ad316d172961a73e966593c070ddd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H914F1ML\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQ62PW6O\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQ62PW6O\network[1].js

MD5 fdc9b5a35cd74fff3ea372b1a0027a72
SHA1 f1e0e8e7924716986e31bf52b3fca9fb0b781638
SHA256 987eb7deb2211f6bcb391972114e1c5ee71799b5086f53f1125883f18dcf6cbf
SHA512 f19535f91de11cab1ae3d6aced695a372f23d96941a58be0cb68f64c8ae901928158bcfc812f21a1f3d7e3ca1fe8892e24a4ad3f4f1a5afaba6a0555b145e7ce

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQ62PW6O\spf[1].js

MD5 eb4fbc0e01eb4a539a6bc202afd4c644
SHA1 1798b96f94e4461c211a1e5118994f6e0dfd53be
SHA256 acae96aa93e083c150d041e2f01185932e5aacd71e4b433cd165dd41aa97103a
SHA512 b608780ed207a42dbe9deee88400a6d9462029a653cec42323490b7023f210e99fb38be5574a451f069eeb5a7f8125505989b331a2243c56d1f2c84a74a2b371

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQ62PW6O\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQ62PW6O\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQ62PW6O\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\desktop_polymer[1].js

MD5 ebde743712278a04368e95b59c746dfc
SHA1 b1e3ef4bfff556b3565550227d9f35946b808826
SHA256 3d5d528a4f165415e39cf30a854abd406ecf63d5d7926680d78b88e5d86a7d37
SHA512 81a0841055681f59097cb693e29c4072e569ea4724a44c5bc3d0bdef8951c68c27260b06cb1adedbccf96d5d8a1e5546196d95a56924e61d061b1533f25b4919

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\rs=AGKMywFTtniNACXuAWHb4uuD8tqS7DsB1A[1].css

MD5 11047f3901344d0ffc9f2db45b067338
SHA1 e31be90da2023dd445924bc9b0e762b0d7d555e1
SHA256 95032e1559d77bbc652344e81adf18870e25b2d9c57255d505b1de1cfd956f48
SHA512 b7c49f2f413671f624af83377cffabfcdbcafb10462485d699bb22a36718ac8817f9a17f6057d480e92d25b3564fbe254be3075e3cca027c839dd613b64d1302

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8RV1YQIO\www-main-desktop-home-page-skeleton[1].css


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ANAM511S\css2[1].css


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D


C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\67f812aa-b564-4336-b703-992f3e4f6879


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\4f73b009-5d91-490f-af87-0cf3052eb56d


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\db\data.safe.bin


\??\pipe\crashpad_5956_HDRKZQTMAPTSRYAF


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MHPP7QCY\edgecompatviewlist[1].xml


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\cache\morgue\10\{49cf2c03-d65a-4d2c-8766-8bcd9c9eea0a}.final


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ff40.TMP


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\idb\2657662816yCt7-%iCt7-%r1ees7pao.sqlite


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\cache\morgue\85\{0bc66328-54e4-4ed5-8666-07f078513255}.final


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\cache\morgue\148\{3d26710d-b778-4cfa-8a01-08c396931794}.final


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\cache\morgue\7\{abe0f876-ee94-4f35-b12e-ab5ddfacc407}.final


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\cache\morgue\195\{3dfaf9ca-256a-4adc-8fc1-929594b099c3}.final


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\default\https+++www.youtube.com\cache\morgue\167\{4eb17a71-3c7f-4bb0-addd-bfc47b2ed1a7}.final


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584ddd.TMP


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TCHE79SC\suggestions[1].en-US


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\tmpaddon


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info


C:\Users\Admin\AppData\Local\Temp\tmpaddon-1


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
